package ute.mvc.controller.portal.admin;

import javax.servlet.http.HttpServletRequest;
import javax.validation.Valid;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import ute.mvc.dto.ChangePasswordDTO;
import ute.mvc.model.User;
import ute.mvc.model.User.GroupEdit;
import ute.mvc.service.UserService;
import ute.mvc.util.PasswordUtil;

@Controller
@RequestMapping(value = { "/{portal}/account" })
public class AccountController {

	@Autowired
	UserService userService;

	@RequestMapping(value = { "/edit", "" }, method = RequestMethod.GET)
	public String getEditAccount(Model model, HttpServletRequest request) {

		// get From session
		User user = (User) request.getSession().getAttribute("user");
		model.addAttribute("user", user);
		return "account_edit";
	}

	@RequestMapping(value = "/edit", method = RequestMethod.POST)
	public String editAccount(
			@Validated(GroupEdit.class) @ModelAttribute User user,
			BindingResult result, Model model) {

		if (result.hasErrors())
			return "account_edit";
		User existUser = userService.getUserByEmail(user.getEmail());
		if (existUser != null && user.getUserId() != existUser.getUserId()) {
			result.rejectValue("email", "userNameExist");
			return "account_edit";
		}

		userService.updateUser(user);
		return "redirect:../../portal";
	}

	@RequestMapping(value = { "/changepassword" }, method = RequestMethod.GET)
	public String getChangePassword(Model model) {

		// get From session
		model.addAttribute("changePasswordDTO", new ChangePasswordDTO());
		return "account_change_password";
	}

	@RequestMapping(value = "/changepassword", method = RequestMethod.POST)
	public String changePassword(@Valid @ModelAttribute ChangePasswordDTO changePasswordDTO,
			BindingResult result, Model model, HttpServletRequest request) {

		if (result.hasErrors())
			return "account_change_password";
		if(!changePasswordDTO.getConfirmPassword().equals(changePasswordDTO.getNewPassword())){
			result.rejectValue("confirmPassword", "mismatch");
			return "account_change_password";
		}
		
		// get From session
		User user = (User) request.getSession().getAttribute("user");
		String password = PasswordUtil.hashPassword(changePasswordDTO.getOldPassword());
		
		if(!user.getPassword().equals(password)){
			result.rejectValue("oldPassword", "wrong");
			return "account_change_password";
		}
		
		user.setPassword(changePasswordDTO.getNewPassword());
		userService.updatePassword(user);
		return "redirect:../../portal";
	}
}
